Skip to main content

A plug-and-play client for integrating universal single sign-on (SSO) with Python frameworks, enabling secure and seamless authentication across microservices.

Project description

🛡️ USSO Python Client SDK

The USSO Python Client SDK (usso) provides a universal, secure JWT authentication layer for Python microservices and web frameworks.
It’s designed to integrate seamlessly with the USSO Identity Platform — or any standards-compliant token issuer.


🔗 Relationship to the USSO Platform

This SDK is the official verification client for the USSO identity service, which provides multi-tenant authentication, RBAC, token flows, and more.
You can use the SDK with:

  • Self-hosted USSO via Docker
  • Any identity provider that issues signed JWTs (with proper config)

✨ Features

  • Token verification for EdDSA, RS256, HS256, and more
  • Claim validation (exp, nbf, aud, iss)
  • Remote JWK support for key rotation
  • Typed payload parsing via UserData (Pydantic)
  • Token extraction from:
    • Authorization header
    • Cookies
    • Custom headers
  • FastAPI integration with dependency injection
  • Django middleware for request-based user resolution
  • 🧪 90% tested with pytest and tox

📦 Installation

pip install usso

With framework extras:

pip install "usso[fastapi]"     # for FastAPI integration
pip install "usso[django]"      # for Django integration

🚀 Quick Start (FastAPI)

from usso.fastapi.integration import get_authenticator
from usso.schemas import JWTConfig, JWTHeaderConfig, UserData
from usso.jwt.enums import Algorithm

config = JWTConfig(
    key="your-ed25519-public-key",
    issuer="https://sso.example.com",
    audience="api.example.com",
    type=Algorithm.EdDSA,
    header=JWTHeaderConfig(type="Authorization")
)

authenticator = get_authenticator(config)

@app.get("/me")
def get_me(user: UserData = Depends(authenticator)):
    return {"user_id": user.sub, "roles": user.roles}

🧱 Project Structure

src/usso/
├── fastapi/            # FastAPI adapter
├── django/             # Django middleware
├── jwt/                # Core JWT logic and algorithms
├── session/            # Stateless session support
├── models/             # JWTConfig, UserData, etc.
├── exceptions/         # Shared exceptions
├── authenticator.py    # High-level API (token + user resolution)

🐳 Integrate with USSO (Docker)

Run your own identity provider:

docker run -p 8000:8000 ghcr.io/ussoio/usso:latest

Then configure your app to verify tokens issued by this service, using its public JWKS endpoint:

JWTConfig(
    jwks_url="http://localhost:8000/.well-known/jwks.json",
    ...
)

🧪 Testing

pytest
tox

🤝 Contributing

We welcome contributions!


📝 License

MIT License © [mahdikiani]

Project details


Release history Release notifications | RSS feed

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

usso-0.31.0.tar.gz (36.2 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

usso-0.31.0-py3-none-any.whl (40.0 kB view details)

Uploaded Python 3

File details

Details for the file usso-0.31.0.tar.gz.

File metadata

  • Download URL: usso-0.31.0.tar.gz
  • Upload date:
  • Size: 36.2 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for usso-0.31.0.tar.gz
Algorithm Hash digest
SHA256 fb5effba326883eb9740199a799459f8da17e4067fd68998c740e9e5d9591281
MD5 26db64d6a807c30423d1051407ca6fd6
BLAKE2b-256 c296aa7281bf983ec071f28214627ef4d4fbac0e50d16d2d4a0492543decef8b

See more details on using hashes here.

File details

Details for the file usso-0.31.0-py3-none-any.whl.

File metadata

  • Download URL: usso-0.31.0-py3-none-any.whl
  • Upload date:
  • Size: 40.0 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for usso-0.31.0-py3-none-any.whl
Algorithm Hash digest
SHA256 a17aaa9f9f20240f4ae38e6fb4689218ba4da56e2960c149cb3b5bcbc40cdbda
MD5 63d754db3b9c5fd400c69bbe62b1a9bd
BLAKE2b-256 4e8509cc61bc7e8b2785fc63f64616ce223b9b4f5e8152b1e9b169007a3a7b01

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page